README.md

Azure DB for PostgreSQL

Introduction

This module manages resources for Azure DB for PostgreSQL.

Usage

Instantiate the module by calling it from Terraform like this:

module "azure-postgresql" {
  source  = "dodevops/postgresql/azure"
  version = "<version>"
}

Requirements

The following requirements are needed by this module:

• terraform (>=1.0.0)

• azurerm (>=3.63.0)

Providers

The following providers are used by this module:

• azurerm (>=3.63.0)

Modules

No modules.

Resources

The following resources are used by this module:

• azurerm_postgresql_configuration.connection-throttling-normal (resource)
• azurerm_postgresql_configuration.log-checkpoints-normal (resource)
• azurerm_postgresql_configuration.log-connections-normal (resource)
• azurerm_postgresql_configuration.params (resource)
• azurerm_postgresql_database.db (resource)
• azurerm_postgresql_firewall_rule.firewall (resource)
• azurerm_postgresql_flexible_server.server (resource)
• azurerm_postgresql_flexible_server_configuration.log-checkpoints (resource)
• azurerm_postgresql_flexible_server_configuration.params (resource)
• azurerm_postgresql_flexible_server_configuration.pgbouncer (resource)
• azurerm_postgresql_flexible_server_database.db (resource)
• azurerm_postgresql_flexible_server_firewall_rule.firewall (resource)
• azurerm_postgresql_server.server (resource)
• azurerm_postgresql_virtual_network_rule.virtualnetworks (resource)
• azurerm_private_endpoint.postgresql-private-endpoint (resource)

Required Inputs

The following input variables are required:

admin_password

Description: Admin password

Type: string

charset

Description: Charset for the databases, which needs to be a valid PostgreSQL charset.

Type: string

collation

Description: Collation for the databases, which needs to be a valid PostgreSQL collation. For single server Microsoft uses different notation - f.e. en-US instead of en_US

Type: string

database_suffixes

Description: List of suffixes for databases to be created

Type: list(string)

location

Description: The azure location used for azure

Type: string

project

Description: Three letter project key

Type: string

resource_group

Description: Azure Resource Group to use

Type: string

stage

Description: Stage for this ressource group

Type: string

Optional Inputs

The following input variables are optional (have default values):

admin_login

Description: Admin login

Type: string

Default: "psql"

allowed_ips

Description: A hash of permissions to access the database server by ip. The hash key is the name suffix and each value
has a start and an end value.

• For public access set start to 0.0.0.0 and end to 255.255.255.255.
• For access from all Azure services set start and end to 0.0.0.0

This variable is not used if public_access = false.

Type:

map(object({
    start = string,
    end   = string
  }))

Default: {}

autogrow

Description: Enable/Disable auto-growing of the storage. Storage auto-grow prevents your server from running out of storage
and becoming read-only. If storage auto grow is enabled, the storage automatically grows without impacting the
workload (only single server)

Type: bool

Default: true

availability_zone

Description: The availability zone the Flexible Server should be placed in (only flexible server)

Type: number

Default: 1

backup_retention_days

Description: Number of days to keep backups

Type: number

Default: 7

database_flexible

Description: Whether to use Azure's flexible database service

Type: bool

Default: false

database_host_sku

Description: SKU for the database server to use. Single server uses values like GP_Gen5_2, flexible server uses Azure
machine SKUs with a tier prefix like GP_Standard_D2s_v38. See the Microsoft documentation
on what machine types are available for PostgreSQL.

Type: string

Default: "GP_Gen5_2"

database_storage

Description: Required database storage (in MB) (flexible server has a defined set of storage sizes to select from.
See https://docs.microsoft.com/de-de/azure/postgresql/flexible-server/concepts-compute-storage#storage

Type: string

Default: "5120"

database_version

Description: Database version to use

Type: string

Default: "11"

geo_redundant_backup_enabled

Description: Turn Geo-redundant server backups on/off. This allows you to choose between locally redundant or geo-redundant
backup storage in the General Purpose and Memory Optimized tiers. This is not supported for the Basic tier (only single server)

Type: bool

Default: false

params

Description: A map of server parameters to set

Type: map(string)

Default: {}

public_access

Description: Wether to allow public access to the database server. True will create firewall rules for allowed_ips and for
subnets. False will create a private endpoint in each given subnet (allowed_ips will not be used then) - you have
to set enforce_private_link_endpoint_network_policies = true on your subnet in this case (see
the Terraform subnet resource documentation). (false currently not supported for flexible server)

Type: bool

Default: false

subnets

Description: Maps of prefix => subnet id that has access to the server (only single server)

Type: map(string)

Default: {}

suffix

Description: Naming suffix to allow multiple instances of this module

Type: string

Default: ""

Outputs

The following outputs are exported:

admin_login

Description: The administrative username

admin_password

Description: The password of the administrative user

database_ids

Description: IDs of the created databases

databases

Description: Names of the created databases

server_fqdn

Description: FQDN of the database service

server_id

Description: ID of the database server

Development

Use the terraform module tools to check and generate the documentation by running

docker run -v "$PWD":/terraform ghcr.io/dodevops/terraform-module-tools:latest